Earlier today, we reported on a story concerning ProtonMail and data it was forced to release at the request of Swiss authorities. The company bills itself as a privacy-focused email and VPN service whose servers are located in Switzerland, where the privacy laws are supposedly stricter than anywhere else in the world.
Estimated reading time: 3 minutes
So when the news broke that the Swiss government forced ProtonMail to give up data they wanted involving a French climate activist, privacy advocates wondered why ProtonMail even had this sort of data on hand. The company has issued some clarifications in the case.
ProtonMail does acknowledge that under Swiss laws, they can be forced to collect information on accounts under Swiss criminal investigation but insists that this is not done by default and only when the company gets a legal order to do so. ProtonMail also outlined eight points they wished to clarify listed below:
- Under no circumstances can our encryption be bypassed, meaning emails, attachments, calendars, files, etc. cannot be compromised by legal orders.
- ProtonMail does not give data to foreign governments; that’s illegal under Article 271 of the Swiss Criminal code. We only comply with legally binding orders from Swiss authorities.
- Swiss authorities will only approve requests which meet Swiss legal standards (the only law that matters is Swiss law)
- Transparency with our user community is extremely important to us. Since 2015, we have published a transparency report publicizing how we handle Swiss law enforcement requests: https://protonmail.com/blog/transparency-report/
- Under Swiss law, it is obligatory for a user to be notified if a third party makes a request for their private data and such data is to be used in a criminal proceeding. More information can be found here.
- Under current Swiss law, email and VPN are treated differently, and ProtonVPN cannot be compelled to log user data.
- Due to Proton’s strict privacy, we do not know the identity of our users, and at no point were we aware that the targeted users were climate activists. We only know that the order for data from the Swiss government came through channels typically reserved for serious crimes.
- There was no legal possibility to resist or fight this particular request.
ProtonMail lists some of the things they are doing to change the service and offers tips on how to better use the service for the best privacy and anonymity experience. Be sure to visit their blog post for more. The short of it is, no matter what service you use, you’re going to have to trust whichever service it is with your private information. It’s up to you now if you choose to trust Proton.
What do you think? Please share your thoughts on any of the social media pages listed below. You can also comment on our MeWe page by joining the MeWe social network.